<?php
//包含数据库配置文件
include '../../public/dbconfig.php';
//包含函数库文件
include '../../public/functions.php';
//调用函数 链接数据库
$link = con();

//接收用户名
$username = $_POST['username'];
//接收密码  加密
$pwd = md5($_POST['pwd']);

//准备查询sql
$sql = "select username,password,qx from user where username='{$username}'";
//执行sql
$res = mysqli_query($link, $sql);
//判断执行结果
if($res && mysqli_num_rows($res)){
	//用户名正确 继续判断密码
	$uinfo = mysqli_fetch_assoc($res);
	if($uinfo['password'] == $pwd){
		//密码正确 继续判断权限
		if($uinfo['qx'] == 2){
			setcookie('username',$uinfo['username'],0,'/luntan/admin/');
			setcookie('qx',$uinfo['qx'],0,'/luntan/admin/');
			//权限正确 登录成功
			echo '<script>alert("恭喜您!登录成功,现在为您跳转到后台首页");window.location.href="../admin.php";</script>';
		}else{
			//没有权限
			header('location:./login.php?error=3');
		}
	}else{
		//密码错误
		header('location:./login.php?error=2');
	}
}else{
	//用户名错误
	header('location:./login.php?error=1');
}
//关闭数据库链接
mysqli_close($link);